Vindu Goel at the San Jose Mercury News has been keeping track of a story involving the theft of a laptop computer containing the personal data of 51,000 current and former employees of Agilent Technologies.The data breach includes names, Social Security numbers, addresses, and company stock‑related information.

In their letter to employees, Agilent put the blame on a vendor, the aptly named Stock & Options Solutions, referred to as SOS in Mr. Goel’s articles. (Anyone foresee that the name would backfire on them?Show of hands, everyone.)SOS was hired to make sure that Agilent’s former money management firm, Smith Barney, correctly transferred employee stock data to Fidelity Investments, the new administrator of Agilent’s employee stock program.

I don’t know what SOS needed to do specifically but, based on subsequent events, it’s clear that they required employees’ personal data.Agilent concurred, though on the condition that SOS safeguard the data.Indeed, Agilent is claiming that the unencrypted laptop is in violation of SOS’s contract.I’d say someone’s about to get sued, especially when you consider that in similar past cases, the third party vendors’ identities were actually protected by the affected companies (like the Gap protecting their vendor last year, for instance).

The funny thing about this story is that the vendor told Agilent that the laptop was stolen en route to being encrypted, according to an Agilent spokeswoman.Now, this is not unusual; it could happen, technically.There’s a reason why you ideally want to encrypt your machines before you begin to use them and download sensitive data and whatnot.What is unusual, though, is that an SOS employee took the laptop from the East Coast to California to encrypt it.Let me repeat that again: in order to encrypt the laptop, they traversed the entire continent, from sea to shining sea.

This, to me, is lunacy.I have to assume this person took a plane to reach Cali.That implies an airport, a busy place where things get stolen and lost. All. The. Time.Plus, there are all those pesky little instances where something could be lost on the way to the airport, and from the airport to the final destination.You generally want to have your laptops encrypted because you’re about to face such potential dangers, not in spite of them.It boggles the mind—is this some kind of pre‑emptive April Fool’s joke?

Maybe they should have gone with AlertBoot.Unlike whatever SOS was using, or tried to use and failed spectacularly, AlertBoot’s encryption is easy to deploy and entirely web‑based.So, instead of having to spend a grand getting somewhere to protect a laptop, hard drive encryption can be easily employed by hopping onto the internet.And, the status of encryption can be verified from a central console via powerful reporting engines, so auditing teams can stay on top of any computers that don’t have data protection on them.

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading
provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing
support of the AlertBoot disk encryption managed service.
Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts
University in Medford, Massachusetts, U.S.A.